You might want to read this to get an introduction to armel vs armhf.
If the below is too much, you can try Ubuntu-ARMv7-Qemu but note it contains non-free blobs.
First, cross-compile user programs with GCC-ARM toolchain. Then install qemu-arm-static so that you can run ARM executables directly on linux
If there's no qemu-arm-static in the package list, install qemu-user-static instead
The badge of the Syscan 2015 conference included an ARM-based STM32F030R8 processor running some challenges. Although SWD pins are accessible on the badge, some have noted that the STM32 is readout-protected, meaning that it will refuse to dump its flash memory.
Fortunately, two researchers (Johannes Obermaier and Stefan Tatschner) recently published a paper at the WOOT '17 conference, in which they reveal a vulnerability allowing to bypass the readout protection. Their technique allows to dump the flash one DWORD at a time, rebooting the CPU between each access.
I implemented this attack using a BusPirate and the PySWD module. Here is a quick'n dirty PoC to
Mozilla Firefox supports a feature that allows to define SVG images inside an OTF font to represent characters. This is useful if we for example want to work with colorful characters, Emoji, animated characters and so on. Firefox is currently the only relevant browser supporting this technology.
The general technology and its advantages are described here:
| #!/bin/bash | |
| # Bash script for setting or clearing touch requirements for | |
| # cryptographic operations the OpenPGP application on a YubiKey 4. | |
| # | |
| # Author: Alessio Di Mauro <alessio@yubico.com> | |
| GCA=$(which gpg-connect-agent) | |
| DO=0 | |
| UIF=0 |
Note: I've only briefly read the related CPI paper (PDF), this is just initial impressions after playing around with it a bit.
All the code and binaries I used can be downloaded here. Note that I removed -DFORTIFY_SOURCE=2 to make the examples a bit simpler.
-fsanitize=safe-stack basically seems to move stack based buffers off the actual stack, onto another segment of memory (I'll call it the fake stack). The actual stack then stores references to this segment. For example:
char buf[20];
printf("%p\n", buf);
| #!/usr/bin/python | |
| import sys | |
| import argparse, json, base64, struct | |
| import urllib2 | |
| from datetime import datetime | |
| LOGS = { | |
| 'icarus': 'https://ct.googleapis.com/icarus', | |
| 'pilot': 'https://ct.googleapis.com/pilot', |
| # Automatically find XOR/SHL/SHR routines from an executable | |
| # Uses IDAW (text IDA) | |
| # @bbaskin - brian @ thebaskins.com | |
| # While other, more powerful scripts like FindCrypt find known | |
| # algorithms this is used to find custom encoding or modified | |
| # encryption routines | |
| """ | |
| Script results: | |
| -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- |
Magic words:
psql -U postgresSome interesting flags (to see all, use -h or --help depending on your psql version):
-E: will describe the underlaying queries of the \ commands (cool for learning!)-l: psql will list all databases and then exit (useful if the user you connect with doesn't has a default database, like at AWS RDS)
A primitive Double A (AAA-minus-Accounting) RBAC system implemented in declarative Nginx config.
So I noticed https://github.com/alexaandru/elastic_guardian, a simple AAA reverse-proxy to sit in front of Elasticsearch. Reading the source and comments tickled my "why is this in code not config?" funnybone.
I asked @alexaandru (https://twitter.com/jpluscplusm/status/438339557906735104) who told me it was mostly the resulting complexity of the nginx config he tried that prompted him to write it.
\o/ ... for HAProxy. Recent patches to make TLS faster: